Windows
Analysis Report
y0EWt2mE9h.exe
Overview
General Information
Detection
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Classification
- System is w10x64
- y0EWt2mE9h.exe (PID: 1332, cmdline: C:\Users\user\Desktop\y0EWt2mE9h.exe, MD5: 0588E4E46299165692A58B2046B3EA12)
- shS06Up82.exe (PID: 4124, cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe, MD5: 1D818CDC54AEBE2E587F77D717B0D1C0)
- sSH13Pp30.exe (PID: 1324, cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe, MD5: 611B6D7CD33B7C08EFA3757F4080FF78)
- smi53cv51.exe (PID: 1212, cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe, MD5: 830F4723EC8EAD8F959AF2AC394E2E8F)
- iGb20db.exe (PID: 4788, cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe, MD5: 19C22162FD676451E1967474A4076E6F)
- kLL28QE.exe (PID: 2992, cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe, MD5: 3C88EF8689CBDA12A3A7C5D586E5FA04)
- rundll32.exe (PID: 4332, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 3760, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\", MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 1008, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\", MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 2492, cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\", MD5: 73C519F050C20580F8A62C849D49215A)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | |
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | |

Malware Configuration
- {"C2 url": "193.233.20.15/dF30Hn4m/index.php", "Version": "3.67"}
- {"C2 url": "193.233.20.23:4124", "Bot Id": "rodik", "Authorization Header": "59b6e22e7cfd9b5fa0c99d1942f7c85d"}

Yara Overview
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
(12 entries in total)

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
(28 entries in total)
Snort IDS Alerts
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Classtype |
|---|---|---|---|---|---|---|---|
| 02/25/23-09:08:56.956124 | 193.233.20.23 | 4124 | 192.168.2.5 | 49703 | TCP | 2043234 | A Network Trojan was detected |
| 02/25/23-09:08:55.914790 | 192.168.2.5 | 49703 | 193.233.20.23 | 4124 | TCP | 2043233 | A Network Trojan was detected |
| 02/25/23-09:09:12.429866 | 192.168.2.5 | 49703 | 193.233.20.23 | 4124 | TCP | 2043231 | A Network Trojan was detected |
AV Detection
- ReversingLabs: 9 entries
- Virustotal: 6 entries
- Joe Sandbox ML: 9 entries
- Malware Configuration Extractor: 2 entries
- Code function: 0_2_00E72F1D, 1_2_003E2F1D, 2_2_000E2F1D, 3_2_00A62F1D
Compliance
- Unpacked PE file: 1 entry
- Static PE information: 1 entry
- File opened: 1 entry
- Static PE information: 1 entry
- Binary string: 9 entries
- Code function: 0_2_00E72390, 1_2_003E2390, 2_2_000E2390, 3_2_00A62390
Networking
- Snort IDS: 3 entries
- URLs: 2 entries
- ASN Name: 1 entry
- IP Address: 1 entry
- TCP traffic: 1 entry
- String found in binary or memory: 150 entries
- TCP traffic detected without corresponding DNS query: 35 entries
- Binary or memory string: 1 entry
System Summary
- Matched rule: 22 entries
- Code function: 0_2_00E73BA2, 0_2_00E75C9E, 1_2_003E3BA2, 1_2_003E5C9E, 2_2_000E3BA2, 2_2_000E5C9E, 3_2_00A63BA2, 3_2_00A65C9E, 6_2_00408C60, 6_2_0040DC11, 6_2_00407C3F, 6_2_00418CCC, 6_2_00406CA0, 6_2_004028B0, 6_2_0041A4BE, 6_2_00418244, 6_2_00401650, 6_2_00402F20, 6_2_004193C4, 6_2_00418788, 6_2_00402F89, 6_2_00402B90, 6_2_004073A0
- Dropped File: 1 entry
- Static PE information: 1 entry
- Matched rule: 22 entries
- Code function: 0_2_00E71F90, 1_2_003E1F90, 2_2_000E1F90, 3_2_00A61F90
- Code function: 1 entry
- Static PE information: 5 entries
- Binary or memory string: 2 entries
- Static PE information: 1 entry
- File created: 1 entry
- Classification label: 1 entry
- Code function: 0_2_00E73FEF, 4_2_00007FF9A5DC1A1D, 0_2_00E74FE0
- ReversingLabs: 1 entry
- Virustotal: 1 entry
- Key opened: 1 entry
- Process created: 15 entries
- Key value queried: 1 entry
- Code function: 0_2_00E71F90, 1_2_003E1F90, 2_2_000E1F90, 3_2_00A61F90
- WMI Queries: 3 entries
- File created: 1 entry
- Code function: 0_2_00E7597D
- Section loaded: 2 entries
- Code function: 6_2_004019F0
- Process created: 1 entry
- Command line argument: 0_2_00E72BFB, 1_2_003E2BFB, 2_2_000E2BFB, 3_2_00A62BFB, 6_2_00413780
- Automated click: 3 entries
- File opened: 1 entry
- Static file information: 1 entry
- Static PE information: 9 entries
- Binary string: 9 entries
Data Obfuscation
- Unpacked PE file: 2 entries
- Code function: 0_2_00E77260, 1_2_003E7260, 2_2_000E7260, 3_2_00A67260, 6_2_0041C4E2, 6_2_00423179, 6_2_0041C4E2, 6_2_00423179, 6_2_0040E230, 6_2_0041C6BF, 6_2_02F4C487, 6_2_02F4954A, 0_2_00E7202A
- Static PE information: 13 entries
- File created (dropped file): 8 entries
- Code function: 0_2_00E71AE8, 1_2_003E1AE8, 2_2_000E1AE8, 3_2_00A61AE8
- Process information set: 89 entries
Malware Analysis System Evasion |
|---|
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 6_2_004019F0 | |
| Source: | Evasive API call chain: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Check user administrative privileges: | graph_2-2575 | ||
| Source: | Check user administrative privileges: | |||
| Source: | Check user administrative privileges: | graph_1-2454 | ||
| Source: | Check user administrative privileges: | graph_0-2449 | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Registry key enumerated: | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E75467 | |
| Source: | Code function: | 0_2_00E72390 | |
| Source: | Code function: | 1_2_003E2390 | |
| Source: | Code function: | 2_2_000E2390 | |
| Source: | Code function: | 3_2_00A62390 | |
| Source: | Code function: | 6_2_004019F0 | |
| Source: | Code function: | 0_2_00E7202A | |
| Source: | Code function: | 6_2_02F47A23 | |
| Source: | Code function: | 6_2_0040CE09 | |
| Source: | Code function: | 6_2_0040ADB0 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E76F40 | |
| Source: | Code function: | 0_2_00E76CF0 | |
| Source: | Code function: | 1_2_003E6F40 | |
| Source: | Code function: | 1_2_003E6CF0 | |
| Source: | Code function: | 2_2_000E6F40 | |
| Source: | Code function: | 2_2_000E6CF0 | |
| Source: | Code function: | 3_2_00A66F40 | |
| Source: | Code function: | 3_2_00A66CF0 | |
| Source: | Code function: | 6_2_0040CE09 | |
| Source: | Code function: | 6_2_0040E61C | |
| Source: | Code function: | 6_2_00416F6A | |
| Source: | Code function: | 6_2_004123F1 | |
| Source: | Code function: | 0_2_00E717EE | |
| Source: | Code function: | 6_2_00417A20 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00E77155 | |
| Source: | Code function: | 4_2_00007FF9A5DC077D | |
| Source: | Code function: | 0_2_00E72BFB | |
Lowering of HIPS / PFW / Operating System Security Settings |
|---|
| Source: | Registry key value created / modified: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
|---|
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
Remote Access Functionality |
|---|
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 221 Windows Management Instrumentation | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Process Injection | 2 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 69% | ReversingLabs | Win32.Trojan.Amadey | ||
| 52% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 72% | ReversingLabs | Win32.Trojan.Amadey | ||
| 70% | Virustotal | Browse | ||
| 56% | ReversingLabs | Win32.Trojan.Tedy | ||
| 46% | Virustotal | Browse | ||
| 46% | ReversingLabs | Win32.Trojan.Seraph | ||
| 46% | Virustotal | Browse | ||
| 54% | ReversingLabs | Win32.Trojan.Tedy | ||
| 41% | Virustotal | Browse | ||
| 46% | ReversingLabs | Win32.Packed.Generic | ||
| 48% | Virustotal | Browse | ||
| 54% | ReversingLabs | Win32.Trojan.Tedy | ||
| 56% | ReversingLabs | Win32.Trojan.Casdet | ||
| 46% | ReversingLabs | Win32.Trojan.Seraph |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 4% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| | true | | low |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| (65 entries) | | false | | high |
| (33 entries) | | false | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 193.233.20.23 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true |
| Joe Sandbox Version: | 36.0.0 Rainbow Opal |
| Analysis ID: | 815074 |
| Start date and time: | 2023-02-25 09:07:26 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: | |
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | y0EWt2mE9h.exe |
| Original Sample Name: | 0588e4e46299165692a58b2046b3ea12.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@15/10@0/1 |
| EGA Information: | |
| HDC Information: | |
| HCA Information: | |
| Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 09:09:10 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 193.233.20.23 | Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| REDCOM-ASRedcomKhabarovskRussiaRU | Get hash | malicious | RedLine | Browse | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | RedLine | Browse | | | |
| Get hash | malicious | RedLine | Browse | | | |
| Get hash | malicious | RedLine | Browse | | | |
| Get hash | malicious | Raccoon Stealer v2, RedLine, SmokeLoader, Socelars, onlyLogger | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Get hash | malicious | Amadey, RedLine | Browse | | | |
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 226 |
| Entropy (8bit): | 5.354940450065058 |
| Encrypted: | false |
| SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv |
| MD5: | B10E37251C5B495643F331DB2EEC3394 |
| SHA1: | 25A5FFE4C2554C2B9A7C2794C9FE215998871193 |
| SHA-256: | 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D |
| SHA-512: | 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2843 |
| Entropy (8bit): | 5.3371553026862095 |
| Encrypted: | false |
| SSDEEP: | 48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1N:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtD |
| MD5: | DAF9A52B107236300FA41B38853735C8 |
| SHA1: | 43EF9F0EB0D9892B7CD8666E8AB2DD66E16ED6A7 |
| SHA-256: | 7CF83296761CD0CD127604D5BA83CB7EBCCF29C2B1964AFD8867CE28A5834636 |
| SHA-512: | 9954EF9BB1EEB1805DDF2FCE219A7678031B71AAFF29F05A3EE210F01C0C4B484194C43584366D6FD287F69A54B876AD1C110CF5F244EE21CA5ADD8C5957164A |
| Malicious: | true |
| Preview: |
| Process: | C:\Users\user\Desktop\y0EWt2mE9h.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 245414 |
| Entropy (8bit): | 6.361027832663395 |
| Encrypted: | false |
| SSDEEP: | 6144:U6f3mSV2p10caphMnboArJMuVyhpLT7oC2y8nU:UTb0caE0A2uVybLT7oChd |
| MD5: | 793589EA3A4AFA871CAB7455576A4610 |
| SHA1: | 69EFBEC0FEBFA4580F70AA3F47A1D98C10D5D37E |
| SHA-256: | E3E3165A44A938B18E994C319A2D7955816D3352B41B95EB33C8EEBD7291881C |
| SHA-512: | 6A078944BDBE83F25D61F0A5A55C41493493E57553EC9003EE6FD285488A7BE7C0A2B00D6A14B863F6DC0BDC0AB0815E7EFCE2098CD88B339AD30AF4DF82B32B |
| Malicious: | true |
| Yara Hits: | |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\Desktop\y0EWt2mE9h.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 929792 |
| Entropy (8bit): | 7.9142524491964945 |
| Encrypted: | false |
| SSDEEP: | 24576:hyxX5INRPSyRvzjMCJJEEzLjUaKKdv9wVlep8W:UxAPVv/MCLvFdiVlea |
| MD5: | 1D818CDC54AEBE2E587F77D717B0D1C0 |
| SHA1: | 1110F3310CADF95C55FC4ED07077B26DF3706887 |
| SHA-256: | 2E79C4B3F0149D247D4497BE07B33993ED729D1B9F611F4668ED014C7DF4B0A8 |
| SHA-512: | 0939F45FD4F1C38476CA39BE341C0D38BF98BA63A4FA1A3234AE6F2ADFD51F8AAAACF15EDDDDF4ACD1653FC0C9AE35902360A81E1213387EBC4917F6F4B213FA |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 351744 |
| Entropy (8bit): | 7.051104239997113 |
| Encrypted: | false |
| SSDEEP: | 6144:iTUALK3rF65KLXfEeznTDxvMEVPOEY47n5mIZ/ysa:iT3ubF654dznTDxkZEY4jhUs |
| MD5: | 3C88EF8689CBDA12A3A7C5D586E5FA04 |
| SHA1: | E9CD6467705015FD99F90195D406EB324F56C1B5 |
| SHA-256: | 5E952D469BEF765647688D773A962727577618618B9C121AD86EF64D3BC2860E |
| SHA-512: | 089BE7BC8FF72155A9A391D4FF9ACF4267194D3A8C730CF5A295DE45FED7DBF1BAE525A9D4DB383AC6361745BE74EBC134CFE6AC686FDE1766123A0A1DB61C07 |
| Malicious: | true |
| Antivirus: | |
| Joe Sandbox View: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 699904 |
| Entropy (8bit): | 7.870556102288291 |
| Encrypted: | false |
| SSDEEP: | 12288:IMr4y90271eaQeUyBTo8vgijsMMzmiqY4qh+zoytDvUpKKdvlPlu:AyjBeatZvlYMn1J8+zFvUpKKdvVo |
| MD5: | 611B6D7CD33B7C08EFA3757F4080FF78 |
| SHA1: | D52D5A366231470DDDE3403D772E9F158E1A5060 |
| SHA-256: | BEAAB8500DB0D508D314505C33307E40ACAB559BC625C4B7E2F6102FC11D81D7 |
| SHA-512: | 967E9B25F8D14A6B90B47F7538865862C4E7DAB9FF9F900AA39881FC87DF2485E4C80F0AB3DA662B6BA73F77A1D676383F7AF2ECD49BFA8F5AA7BDBAB6EE6F7A |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292352 |
| Entropy (8bit): | 6.768424467340251 |
| Encrypted: | false |
| SSDEEP: | 6144:LIJiLB3qs59NcKFXN7+CTcux9dFS3QJFXXr0aZraa:LIQ16s5vcKFB+QDS3QzXZO |
| MD5: | 651C8DE2C842222F48C74FB0715F3C6F |
| SHA1: | E44A7175B5764C0725BDF56D323B1DEF32DE7B4E |
| SHA-256: | C94C4C986988C2D336AAC0DDCE64BDE2EB6D4C00FCFD5DFA63F639E8977FA0F9 |
| SHA-512: | 5098233D1F25B37EFCD5F433C9D157F9E49B3139BC9125100244EF68EB0E7DDCFE2B5B38B09D07B940D516142A86C54FB99701B6F60B0816C9A98703C53D1820 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 409088 |
| Entropy (8bit): | 7.715633020574459 |
| Encrypted: | false |
| SSDEEP: | 6144:Ksy+bnr+Qp0yN90QEiVI5S2DDc+7RXqfyERCNMvvFEV/zEY47g5mIZIsi:0MrAy90k2D/lTsMMvdmEY4khji |
| MD5: | 830F4723EC8EAD8F959AF2AC394E2E8F |
| SHA1: | 0956323E9BA67824F36508E71DF3F64ED15D7062 |
| SHA-256: | 9D67FE0A2298EF64881F66D93C303F5D4D5ED871BFB1031DD9742847B27C8A54 |
| SHA-512: | C21D67A36DCEB6FE3DB90BF3206AC78FCC501E02951624467E3A368372A567CC15889533F8E9375DAE5CBF3474CB1D752C9AF2B6E63C380F313DFF63C607F61A |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11616 |
| Entropy (8bit): | 4.86144612114815 |
| Encrypted: | false |
| SSDEEP: | 96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp |
| MD5: | 19C22162FD676451E1967474A4076E6F |
| SHA1: | 87D8FB1EB1B75C81977DBD83A6CF860E93379387 |
| SHA-256: | 00279D7287A94179B005376B0D03F5E6EE190F259A8F48954BBB20CED05C3F9C |
| SHA-512: | F305788720BC0CA21FFA431E5041A33ED45AECFEE712AF6276BEB316028592AFAF4C085CBCE963E43544937454E5F65627413B12DD726311C77070F2CC4CB1D4 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 351744 |
| Entropy (8bit): | 7.051104239997113 |
| Encrypted: | false |
| SSDEEP: | 6144:iTUALK3rF65KLXfEeznTDxvMEVPOEY47n5mIZ/ysa:iT3ubF654dznTDxkZEY4jhUs |
| MD5: | 3C88EF8689CBDA12A3A7C5D586E5FA04 |
| SHA1: | E9CD6467705015FD99F90195D406EB324F56C1B5 |
| SHA-256: | 5E952D469BEF765647688D773A962727577618618B9C121AD86EF64D3BC2860E |
| SHA-512: | 089BE7BC8FF72155A9A391D4FF9ACF4267194D3A8C730CF5A295DE45FED7DBF1BAE525A9D4DB383AC6361745BE74EBC134CFE6AC686FDE1766123A0A1DB61C07 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.935053784481532 |
| TrID: | |
| File name: | y0EWt2mE9h.exe |
| File size: | 1116672 |
| MD5: | 0588e4e46299165692a58b2046b3ea12 |
| SHA1: | 642675b7bf9a5897ad906bc1b5f820250ec1b41d |
| SHA256: | f45dd70543ccbc73be3743bac6f7e35179e5192bdd121504d129b74d1ae74996 |
| SHA512: | c29ad42e8330406805111525894df61db0bbe9cb67a98a19aab05eedccc00c05cfd588e7153873831f98a7fe908942dcaa19500cd94f735a4e1c5be8a12fca72 |
| SSDEEP: | 24576:OybxVhr/k1bBvmgMhSjJmz4jUxK1dvZ+SbuZScZZ:dbxHk1bBvRMEmG/dESCF |
| TLSH: | 4C352317A5EDD022E9B8177459F603C31A35FE916A3C4396A34EAEA91C330F4933635B |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d. |
| Icon Hash: | f8e0e4e8ecccc870 |
| Entrypoint: | 0x406a60 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x628D60E2 [Tue May 24 22:49:06 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 10 |
| OS Version Minor: | 0 |
| File Version Major: | 10 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 10 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 646167cce332c1c252cdcb1839e0cf48 |
| Instruction |
|---|
| call 00007F4F68706895h |
| jmp 00007F4F687061A5h |
| push 00000058h |
| push 004072B8h |
| call 00007F4F68706937h |
| xor ebx, ebx |
| mov dword ptr [ebp-20h], ebx |
| lea eax, dword ptr [ebp-68h] |
| push eax |
| call dword ptr [0040A184h] |
| mov dword ptr [ebp-04h], ebx |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, dword ptr [eax+04h] |
| mov edi, ebx |
| mov edx, 004088ACh |
| mov ecx, esi |
| xor eax, eax |
| lock cmpxchg dword ptr [edx], ecx |
| test eax, eax |
| je 00007F4F687061BAh |
| cmp eax, esi |
| jne 00007F4F687061A9h |
| xor esi, esi |
| inc esi |
| mov edi, esi |
| jmp 00007F4F687061B2h |
| push 000003E8h |
| call dword ptr [0040A188h] |
| jmp 00007F4F68706179h |
| xor esi, esi |
| inc esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F4F687061ACh |
| push 0000001Fh |
| call 00007F4F687066CBh |
| pop ecx |
| jmp 00007F4F687061DCh |
| cmp dword ptr [004088B0h], ebx |
| jne 00007F4F687061CEh |
| mov dword ptr [004088B0h], esi |
| push 004010C4h |
| push 004010B8h |
| call 00007F4F687062F6h |
| pop ecx |
| pop ecx |
| test eax, eax |
| je 00007F4F687061B9h |
| mov dword ptr [ebp-04h], FFFFFFFEh |
| mov eax, 000000FFh |
| jmp 00007F4F687062D9h |
| mov dword ptr [004081E4h], esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F4F687061BDh |
| push 004010B4h |
| push 004010ACh |
| call 00007F4F68706885h |
| pop ecx |
| pop ecx |
| mov dword ptr [000088B0h], 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x108364 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x115000 | 0x888 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0x109000 | 0x108400 | False | 0.9648871733088931 | data | 7.952919655905017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x115000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0xea680 | Microsoft Cabinet archive data, many, 960128 bytes, 2 files, at 0x2c +A "shS06Up82.exe" +A "rTV61uz75.exe", ID 2177, number 1, 36 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0x113230 | 0x4 | data | English | United States |
| RT_RCDATA | 0x113234 | 0x24 | data | English | United States |
| RT_RCDATA | 0x113258 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x113260 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x113268 | 0x4 | data | English | United States |
| RT_RCDATA | 0x11326c | 0xe | data | English | United States |
| RT_RCDATA | 0x11327c | 0x4 | data | English | United States |
| RT_RCDATA | 0x113280 | 0xe | data | English | United States |
| RT_RCDATA | 0x113290 | 0x4 | data | English | United States |
| RT_RCDATA | 0x113294 | 0x5 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x11329c | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x1132a4 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0x1132ac | 0xbc | data | English | United States |
| RT_VERSION | 0x113368 | 0x408 | data | English | United States |
| RT_VERSION | 0x113770 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0x113b80 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
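The RT_RCDATA entry at RVA 0x28bb0 is the payload of this stub: a Microsoft Cabinet whose file directory starts at offset 0x2c and names the two members ("shS06Up82.exe", "rTV61uz75.exe") in clear text, with set ID 2177, cabinet index 1, 36 data blocks and typeCompress 0x1503. Those values come straight from the CFHEADER/CFFOLDER/CFFILE structures, so a dropper's member list can be recovered without running it. The parser below is an added example, not part of the Joe Sandbox report or of any tool it uses; it carves every `MSCF` signature out of a resource blob and decodes the header and file directory (it does not decompress CFDATA). The sample resource it runs on is constructed here with header fields copied from the table above and dummy bytes in place of the real compressed data.

```python
import struct

MSCF = b"MSCF"
FLAG_PREV_CABINET = 0x0001
FLAG_NEXT_CABINET = 0x0002
FLAG_RESERVE_PRESENT = 0x0004
ATTR_ARCHIVE = 0x20  # the "+A" that file(1) prints in the resource table

def find_cabinets(blob):
    """Return the offsets of every MSCF signature in blob; an SFX stub may keep
    the cabinet at any offset inside its RCDATA resource."""
    hits, off = [], blob.find(MSCF)
    while off != -1:
        hits.append(off)
        off = blob.find(MSCF, off + 4)
    return hits

def _skip_cstring(blob, pos):
    return blob.index(b"\x00", pos) + 1

def compression_name(type_compress):
    """Decode CFFOLDER.typeCompress: low 4 bits select the method, bits 8-12 the LZX window."""
    method = type_compress & 0x0F
    if method == 0:
        return "none"
    if method == 1:
        return "MSZIP"
    if method == 2:
        return "Quantum"
    if method == 3:
        return "LZX(window=2^%d)" % ((type_compress >> 8) & 0x1F)
    return "unknown(%#x)" % type_compress

def parse_cab(blob, start=0):
    """Parse CFHEADER, CFFOLDER and CFFILE at blob[start:] and return the fields
    static triage needs. Compressed CFDATA blocks are left untouched."""
    fields = struct.unpack_from("<4sIIIIIBBHHHHH", blob, start)
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, ver_minor, ver_major,
     c_folders, c_files, flags, set_id, i_cabinet) = fields
    if sig != MSCF:
        raise ValueError("no MSCF signature at offset %d" % start)
    pos = start + 36
    folder_reserve = 0
    if flags & FLAG_RESERVE_PRESENT:          # optional reserve areas (header/folder/data)
        cb_header, folder_reserve, _cb_data = struct.unpack_from("<HBB", blob, pos)
        pos += 4 + cb_header
    for flag in (FLAG_PREV_CABINET, FLAG_NEXT_CABINET):  # szCabinetPrev/Next, szDiskPrev/Next
        if flags & flag:
            pos = _skip_cstring(blob, _skip_cstring(blob, pos))
    folders = []
    for _ in range(c_folders):
        coff_data, c_cfdata, type_compress = struct.unpack_from("<IHH", blob, pos)
        folders.append({"data_offset": coff_data, "blocks": c_cfdata,
                        "compression": compression_name(type_compress)})
        pos += 8 + folder_reserve
    files, pos = [], start + coff_files
    for _ in range(c_files):
        cb_file, uoff, i_folder, _date, _time, attribs = struct.unpack_from("<IIHHHH", blob, pos)
        pos += 16
        end = blob.index(b"\x00", pos)         # szName is NUL-terminated
        files.append({"name": blob[pos:end].decode("latin-1"), "size": cb_file,
                      "folder": i_folder, "archive": bool(attribs & ATTR_ARCHIVE)})
        pos = end + 1
    return {"version": (ver_major, ver_minor), "size": cb_cabinet, "set_id": set_id,
            "cabinet_index": i_cabinet, "files_offset": coff_files,
            "folders": folders, "files": files}

def build_sample_cab(names=("shS06Up82.exe", "rTV61uz75.exe")):
    """Constructed sample: header fields mirror the resource table (set ID 2177,
    cabinet 1, 36 blocks, typeCompress 0x1503, CFFILE at 0x2c); the data area is
    dummy bytes, not the real compressed payload."""
    cffiles, uoff = b"", 0
    for i, name in enumerate(names):
        size = 1000 * (i + 1)
        cffiles += struct.pack("<IIHHHH", size, uoff, 0, 0x5659, 0x4800, ATTR_ARCHIVE)
        cffiles += name.encode("ascii") + b"\x00"
        uoff += size
    coff_files = 36 + 8                        # CFHEADER + one CFFOLDER = 0x2c
    data_offset = coff_files + len(cffiles)
    data = b"\x00" * 16                        # stand-in for the CFDATA blocks
    cb_cabinet = data_offset + len(data)
    header = struct.pack("<4sIIIIIBBHHHHH", MSCF, 0, cb_cabinet, 0, coff_files, 0,
                         3, 1, 1, len(names), 0, 2177, 1)
    folder = struct.pack("<IHH", data_offset, 36, 0x1503)
    return header + folder + cffiles + data

# Constructed stand-in for an RCDATA resource: a few leading bytes, then the cabinet.
SAMPLE_RESOURCE = b"\x07\x00\x00\x00junk" + build_sample_cab()

def triage_resource(resource):
    """Carve every cabinet in a resource blob and decode its directory."""
    return [parse_cab(resource, off) for off in find_cabinets(resource)]

if __name__ == "__main__":
    for cab in triage_resource(SAMPLE_RESOURCE):
        print("set %d cabinet %d, %d bytes, %s, %d blocks" % (
            cab["set_id"], cab["cabinet_index"], cab["size"],
            cab["folders"][0]["compression"], cab["folders"][0]["blocks"]))
        for f in cab["files"]:
            print("  %s%s %d bytes" % ("+A " if f["archive"] else "   ", f["name"], f["size"]))
```

On a real sample, feed the raw bytes of the RT_RCDATA resource (or the whole .rsrc section) to `triage_resource`; the member names it returns are the file names to expect under the `IXP00x.TMP` temp directory, and 0x1503 decodes to LZX with a 2^21 window, which is what the report's "0x1503 compression" denotes.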
| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Russian | Russia | |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/25/23-09:08:55.914790 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| 02/25/23-09:08:56.956124 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| 02/25/23-09:09:12.429866 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 25, 2023 09:08:55.614931107 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:08:55.637660980 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:08:55.638942003 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:08:55.914789915 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:08:55.937110901 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:08:55.979976892 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:08:56.933667898 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:08:56.956124067 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:08:57.011218071 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:06.982496023 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:07.006553888 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:07.006591082 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:07.006613016 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:07.006822109 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:08.686397076 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:08.709158897 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:08.745297909 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:08.767877102 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:08.811350107 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:08.894150972 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:08.916376114 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:08.916424990 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:08.916996002 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:08.965553999 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:09.006890059 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:09.028915882 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:09.029997110 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:09.053344965 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:09.076647997 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:09.121699095 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:09.223269939 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:09.245923042 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:09.293574095 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.063241959 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.085978985 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.137418985 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.213115931 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.235770941 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.251467943 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.274241924 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.313091993 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.335161924 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.335233927 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.335494041 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.352266073 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.375215054 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.376460075 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:10.398834944 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:10.449965954 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.067579031 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.120611906 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.179887056 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.221035957 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.243592024 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.298834085 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.350429058 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.373136997 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.377667904 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.400060892 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.405543089 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.428122044 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.429866076 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
| Feb 25, 2023 09:09:12.452549934 CET | 4124 | 49703 | 193.233.20.23 | 192.168.2.5 |
| Feb 25, 2023 09:09:12.495861053 CET | 49703 | 4124 | 192.168.2.5 | 193.233.20.23 |
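The three IDS alerts and the packet list describe one TCP flow from 192.168.2.5:49703 to 193.233.20.23:4124. Joining the two tables on their timestamps shows which side sent each flagged packet: the "net.tcp Init" and "CnC Activity" alerts fire on client-to-server packets, "Id1Response" on the server's reply. The script below is an added example, not part of the report; it parses both timestamp formats (the sandbox's "Feb 25, 2023 ... CET" and Suricata's "02/25/23-..."), assumes both columns are in the same local time as the report presents them, truncates nanoseconds to microseconds, and runs on a subset of rows copied from the tables above.

```python
from datetime import datetime

# Rows copied from the packet and IDS tables above (a subset of the packet list).
PACKETS = [
    ("Feb 25, 2023 09:08:55.614931107 CET", 49703, 4124, "192.168.2.5", "193.233.20.23"),
    ("Feb 25, 2023 09:08:55.637660980 CET", 4124, 49703, "193.233.20.23", "192.168.2.5"),
    ("Feb 25, 2023 09:08:55.638942003 CET", 49703, 4124, "192.168.2.5", "193.233.20.23"),
    ("Feb 25, 2023 09:08:55.914789915 CET", 49703, 4124, "192.168.2.5", "193.233.20.23"),
    ("Feb 25, 2023 09:08:56.956124067 CET", 4124, 49703, "193.233.20.23", "192.168.2.5"),
    ("Feb 25, 2023 09:09:12.429866076 CET", 49703, 4124, "192.168.2.5", "193.233.20.23"),
    ("Feb 25, 2023 09:09:12.495861053 CET", 49703, 4124, "192.168.2.5", "193.233.20.23"),
]
ALERTS = [
    ("02/25/23-09:08:55.914790", 2043233, "ET TROJAN RedLine Stealer TCP CnC net.tcp Init"),
    ("02/25/23-09:08:56.956124", 2043234, "ET MALWARE Redline Stealer TCP CnC - Id1Response"),
    ("02/25/23-09:09:12.429866", 2043231, "ET TROJAN Redline Stealer TCP CnC Activity"),
]

def parse_packet_time(s):
    """'Feb 25, 2023 09:08:55.614931107 CET' -> datetime; the zone label is dropped
    (all rows share it) and nanoseconds are truncated to microseconds."""
    stamp = s.rsplit(" ", 1)[0]
    base, frac = stamp.split(".")
    return datetime.strptime("%s.%s" % (base, frac[:6]), "%b %d, %Y %H:%M:%S.%f")

def parse_alert_time(s):
    """Suricata-style '02/25/23-09:08:55.914790' -> datetime."""
    return datetime.strptime(s, "%m/%d/%y-%H:%M:%S.%f")

def flow_summary(packets):
    """Treat the sender of the first packet as the client and count each direction."""
    _, sport, dport, client, server = packets[0]
    times = [parse_packet_time(p[0]) for p in packets]
    c2s = sum(1 for p in packets if p[3] == client)
    return {"client": client, "client_port": sport, "server": server, "server_port": dport,
            "client_to_server": c2s, "server_to_client": len(packets) - c2s,
            "duration_s": (max(times) - min(times)).total_seconds()}

def match_alerts(alerts, packets, tolerance_us=1000):
    """For each alert return (sid, index of the nearest packet, 'src -> dst');
    index and direction are None when no packet lies within the tolerance."""
    times = [parse_packet_time(p[0]) for p in packets]
    out = []
    for ts, sid, _msg in alerts:
        at = parse_alert_time(ts)
        best = min(range(len(packets)), key=lambda i: abs((times[i] - at).total_seconds()))
        delta_us = abs((times[best] - at).total_seconds()) * 1e6
        if delta_us > tolerance_us:
            out.append((sid, None, None))
        else:
            out.append((sid, best, "%s -> %s" % (packets[best][3], packets[best][4])))
    return out

if __name__ == "__main__":
    print(flow_summary(PACKETS))
    for sid, idx, direction in match_alerts(ALERTS, PACKETS):
        print(sid, idx, direction)
```

The 1 ms tolerance absorbs the microsecond rounding between the two sources (the first alert is logged 1 µs after the packet it matched); widen it if the IDS and the capture run on different clocks.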
| Target ID: | 0 |
| Start time: | 09:08:23 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\Desktop\y0EWt2mE9h.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe70000 |
| File size: | 1116672 bytes |
| MD5 hash: | 0588E4E46299165692A58B2046B3EA12 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: | |
| Reputation: | low |
| Target ID: | 1 |
| Start time: | 09:08:24 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\shS06Up82.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3e0000 |
| File size: | 929792 bytes |
| MD5 hash: | 1D818CDC54AEBE2E587F77D717B0D1C0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 2 |
| Start time: | 09:08:25 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\sSH13Pp30.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe0000 |
| File size: | 699904 bytes |
| MD5 hash: | 611B6D7CD33B7C08EFA3757F4080FF78 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 3 |
| Start time: | 09:08:26 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\smi53cv51.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa60000 |
| File size: | 409088 bytes |
| MD5 hash: | 830F4723EC8EAD8F959AF2AC394E2E8F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 4 |
| Start time: | 09:08:26 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\iGb20db.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x690000 |
| File size: | 11616 bytes |
| MD5 hash: | 19C22162FD676451E1967474A4076E6F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 5 |
| Start time: | 09:08:36 |
| Start date: | 25/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64b480000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 6 |
| Start time: | 09:08:42 |
| Start date: | 25/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\kLL28QE.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 351744 bytes |
| MD5 hash: | 3C88EF8689CBDA12A3A7C5D586E5FA04 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: | |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 7 |
| Start time: | 09:08:45 |
| Start date: | 25/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64b480000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 8 |
| Start time: | 09:08:53 |
| Start date: | 25/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64b480000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 9 |
| Start time: | 09:09:02 |
| Start date: | 25/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64b480000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
Execution Graph
| Execution Coverage: | 28.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 29.5% |
| Total number of Nodes: | 962 |
| Total number of Limit Nodes: | 25 |
Callgraph
The functions below belong to y0EWt2mE9h.exe (target 0): their 00E7xxxx addresses sit in its image base 0xe70000. The per-function API, string, memory-dump, similarity and control-flow sub-tables were not extracted; only each function's summary line and decompilation quality survive, so they are tabulated here. Rows whose function header line was lost keep only the quality figure.
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
|---|---|---|---|---|---|---|
| 00E7202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% |
| 00E73BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% |
| 00E71AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% |
| 00E7597D | 24.7 | 13 | 1 | 212 | window, COMMON | 96% |
| 00E74FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% |
| 00E72F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% |
| (name not extracted) | | | | | | 75% |
| (name not extracted) | | | | | | 86% |
| 00E73FEF | 10.6 | 7 | - | 97 | process, synchronization, window, COMMON | 84% |
| 00E72BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% |
| 00E76F40 | 1.5 | 1 | - | 4 | COMMON | 100% |
| 00E755A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% |
| 00E744B9 | 17.7 | 8 | 2 | 160 | memory, window, COMMON | 94% |
| 00E753A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% |
| 00E7256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% |
| 00E76A60 | 13.6 | 9 | - | 138 | sleep, COMMON | 51% |
| 00E758C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% |
| 00E751E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% |
| 00E752B6 | 10.6 | 5 | 1 | 65 | file, COMMON | 74% |
| 00E71FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% |
| (name not extracted) | | | | | | 94% |
| 00E74C37 | 4.5 | 3 | - | 39 | time, COMMON | 100% |
| 00E7487A | 3.1 | 2 | - | 59 | file, COMMON | 75% |
| 00E74AD0 | 3.0 | 2 | - | 47 | file, COMMON | 93% |
| 00E7658A | 1.5 | 1 | - | 45 | COMMON | 100% |
| 00E7621E | 1.5 | 1 | - | 35 | COMMON | 93% |
| 00E74B60 | 1.5 | 1 | - | 28 | COMMON | 100% |
| 00E766AE | 1.5 | 1 | - | 11 | COMMON | 100% |
| 00E74CA0 | 1.3 | 1 | - | 8 | memory, COMMON | 100% |
| 00E74CC0 | 1.3 | 1 | - | 7 | COMMON | 100% |
| 00E75C9E | 24.9 | 10 | 4 | 422 | COMMON, Crypto | 92% |
| 00E71F90 | 14.1 | 7 | 1 | 94 | shutdown, COMMON | 60% |
| 00E717EE | 12.3 | 5 | 2 | 71 | library, memory, loader, COMMON | 57% |
| (name not extracted) | | | | | | 100% |
| (name not extracted) | | | | | | 100% |
| 00E73210 | 26.4 | 13 | 2 | 188 | window, COMMON | 76% |
| 00E72CAA | 26.4 | 10 | 5 | 183 | synchronization, COMMON | 93% |
| 00E734F0 | 24.6 | 13 | 1 | 119 | thread, window, COMMON | 81% |
| 00E74224 | 21.1 | 9 | 3 | 132 | library, loader, COMMON | 50% |
| 00E72773 | 17.6 | 9 | 1 | 114 | registry, COMMON | 94% |
| 00E72267 | 17.6 | 6 | 4 | 88 | registry, COMMON | 62% |
| 00E73100 | 17.6 | 9 | 1 | 70 | window, COMMON | 87% |
| (name not extracted) | | | | | | 91% |
| (name not extracted) | | | | | | 82% |
| 00E7681F | 12.3 | 5 | 2 | 81 | registry, COMMON | 94% |
| (name not extracted) | | | | | | 100% |
| 00E72AAC | 12.1 | 8 | - | 118 | COMMON | 95% |
| 00E728E8 | 10.6 | 5 | 1 | 140 | memory, COMMON | 100% |
| 00E743D0 | 10.6 | 7 | - | 97 | COMMON | 86% |
| (name not extracted) | | | | | | 53% |
| 00E73A3F | 10.6 | 5 | 2 | 73 | memory, string, COMMON | 100% |
| (name not extracted) | | | | | | 94% |
| 00E736EE | 9.0 | 3 | 2 | 243 | window, COMMON | 75% |
| (name not extracted) | | | | | | 78% |
| 00E76495 | 8.8 | 3 | 2 | 41 | library, COMMON | 83% |
| 00E74169 | 7.6 | 3 | 2 | 55 | memory, COMMON | 32% |
| 00E719E0 | 7.6 | 5 | - | 51 | window, COMMON | 93% |
| (name not extracted) | | | | | | 88% |
| 00E747E0 | 6.1 | 3 | 1 | 64 | memory, COMMON | 100% |
| 00E73680 | 6.1 | 4 | - | 51 | window, COMMON | 100% |
| 00E765E8 | 6.0 | 4 | - | 46 | COMMON | 72% |
| 00E769B0 | 6.0 | 4 | - | 25 | COMMON | 100% |
| (name not extracted) | | | | | | 100% |
Execution Graph
| Execution Coverage: | 28.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 962 |
| Total number of Limit Nodes: | 26 |
Callgraph
These 003Exxxx addresses sit in the image base 0x3e0000 of shS06Up82.exe (target 1). Every function listed carries the same relevance, API, string and instruction counts as its 00E7xxxx counterpart in the first callgraph, so the dropped executable contains the same extractor code as its parent. As above, only the summary figures were extracted.
| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
|---|---|---|---|---|---|---|
| 003E3BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% |
| 003E1AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% |
| 003E2F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% |
| (name not extracted) | | | | | | 86% |
| 003E2BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% |
| 003E6F40 | 1.5 | 1 | - | 4 | COMMON | 100% |
| 003E202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% |
| 003E55A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% |
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
Control-flow Graph
| C-Code - Quality: 77% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
Control-flow Graph
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
Control-flow Graph
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 75% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
| C-Code - Quality: 86% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
| C-Code - Quality: 51% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
| C-Code - Quality: 74% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E28E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 78% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 003E69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 28.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 960 |
| Total number of Limit Nodes: | 25 |
Callgraph

Per-function metrics for the same module at address prefix 000E (same columns and conventions as the previous callgraph; Uniqueness Score is -1.00% throughout and the per-function panels carry no content in this export). Compared with the 003E listing, this one adds 000E6CF0 and 000E6517 and differs in the string counts of 000E681F and 000E28E8.

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | CFG |
|---|---|---|---|---|---|---|---|
| 000E3BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% | yes |
| 000E1AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% | yes |
| 000E2F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% | yes |
| (address not recovered) | | | | | | 86% | yes |
| 000E2BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% | - |
| 000E6F40 | 1.5 | 1 | - | 4 | COMMON | 100% | - |
| 000E202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% | yes |
| 000E55A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% | yes |
| (address not recovered) | | | | | | 96% | yes |
| 000E4FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% | yes |
| 000E44B9 | 17.7 | 8 | 2 | 160 | memory, window, COMMON | 94% | yes |
| 000E53A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% | yes |
| (address not recovered) | | | | | | 75% | yes |
| 000E256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% | yes |
| 000E6A60 | 13.6 | 9 | - | 138 | sleep, COMMON | 51% | yes |
| 000E58C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% | yes |
| 000E3FEF | 10.6 | 7 | - | 97 | process, synchronization, window, COMMON | 84% | yes |
| 000E51E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% | - |
| 000E52B6 | 10.6 | 5 | 1 | 65 | file, COMMON | 74% | - |
| 000E1FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% | - |
| (address not recovered) | | | | | | 94% | - |
| 000E4C37 | 4.5 | 3 | - | 39 | time, COMMON | 100% | - |
| 000E487A | 3.1 | 2 | - | 59 | file, COMMON | 75% | - |
| 000E4AD0 | 3.0 | 2 | - | 47 | file, COMMON | 93% | - |
| 000E658A | 1.5 | 1 | - | 45 | COMMON | 100% | - |
| 000E621E | 1.5 | 1 | - | 35 | COMMON | 93% | - |
| 000E4B60 | 1.5 | 1 | - | 28 | COMMON | 100% | - |
| 000E66AE | 1.5 | 1 | - | 11 | COMMON | 100% | - |
| 000E4CA0 | 1.3 | 1 | - | 8 | memory, COMMON | 100% | - |
| 000E4CC0 | 1.3 | 1 | - | 7 | COMMON | 100% | - |
| 000E5C9E | 24.9 | 10 | 4 | 422 | COMMON, Crypto | 92% | - |
| 000E1F90 | 14.1 | 7 | 1 | 94 | shutdown, COMMON | 60% | - |
| 000E6CF0 | 6.0 | 4 | - | 13 | COMMON | 100% | - |
| 000E3210 | 26.4 | 13 | 2 | 188 | window, COMMON | 76% | - |
| 000E2CAA | 26.4 | 10 | 5 | 183 | synchronization, COMMON | 93% | - |
| 000E34F0 | 24.6 | 13 | 1 | 119 | thread, window, COMMON | 81% | - |
| 000E4224 | 21.1 | 9 | 3 | 132 | library, loader, COMMON | 50% | - |
| 000E2773 | 17.6 | 9 | 1 | 114 | registry, COMMON | 94% | - |
| 000E2267 | 17.6 | 6 | 4 | 88 | registry, COMMON | 62% | - |
| 000E3100 | 17.6 | 9 | 1 | 70 | window, COMMON | 87% | - |
| (address not recovered) | | | | | | 91% | - |
| (address not recovered) | | | | | | 82% | - |
| 000E17EE | 12.3 | 5 | 2 | 71 | library, memory, loader, COMMON | 57% | - |
| (address not recovered) | | | | | | 100% | - |
| 000E2AAC | 12.1 | 8 | - | 118 | COMMON | 95% | - |
| 000E43D0 | 10.6 | 7 | - | 97 | COMMON | 86% | - |
| (address not recovered) | | | | | | 53% | - |
| 000E681F | 10.6 | 5 | 1 | 81 | registry, COMMON | 94% | - |
| 000E3A3F | 10.6 | 5 | 2 | 73 | memory, string, COMMON | 100% | - |
| (address not recovered) | | | | | | 94% | - |
| 000E36EE | 9.0 | 3 | 2 | 243 | window, COMMON | 75% | - |
| 000E6495 | 8.8 | 3 | 2 | 41 | library, COMMON | 83% | - |
| 000E28E8 | 7.6 | 5 | - | 140 | memory, COMMON | 100% | - |
| 000E4169 | 7.6 | 3 | 2 | 55 | memory, COMMON | 32% | - |
| (address not recovered) | | | | | | 100% | - |
| 000E19E0 | 7.6 | 5 | - | 51 | window, COMMON | 93% | - |
| (address not recovered) | | | | | | 88% | - |
| 000E47E0 | 6.1 | 3 | 1 | 64 | memory, COMMON | 100% | - |
| 000E6517 | 6.1 | 4 | - | 51 | COMMON | 77% | - |
| 000E3680 | 6.1 | 4 | - | 51 | window, COMMON | 100% | - |
| 000E65E8 | 6.0 | 4 | - | 46 | COMMON | 72% | - |
| 000E69B0 | 6.0 | 4 | - | 25 | COMMON | 100% | - |
Callgraph

Per-function metrics for the same module at address prefix 00A6 (same columns and conventions as the previous callgraphs; Uniqueness Score is -1.00% throughout and the per-function panels carry no content in this export).

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | CFG |
|---|---|---|---|---|---|---|---|
| 00A63BA2 | 40.6 | 11 | 12 | 308 | library, loader, COMMON, Crypto | 82% | yes |
| 00A61AE8 | 38.8 | 10 | 12 | 291 | memory, COMMON | 82% | yes |
| 00A62F1D | 15.9 | 6 | 3 | 120 | library, file, loader, COMMON | 82% | yes |
| (address not recovered) | | | | | | 86% | yes |
| 00A62BFB | 10.6 | 4 | 2 | 63 | library, loader, COMMON | 70% | - |
| 00A66F40 | 1.5 | 1 | - | 4 | COMMON | 100% | - |
| 00A6202A | 42.2 | 16 | 8 | 185 | registry, library, memory, COMMON | 93% | yes |
| 00A655A0 | 31.7 | 12 | 6 | 248 | memory, string, COMMON | 92% | yes |
| (address not recovered) | | | | | | 96% | yes |
| 00A64FE0 | 19.4 | 9 | 2 | 121 | window, COMMON | 77% | yes |
| 00A653A1 | 15.8 | 6 | 3 | 71 | file, COMMON | 95% | yes |
| (address not recovered) | | | | | | 75% | yes |
| 00A6256D | 14.1 | 5 | 3 | 75 | registry, COMMON | 86% | yes |
| 00A66A60 | 13.6 | 9 | - | 138 | sleep, COMMON | 51% | yes |
| 00A658C8 | 12.3 | 5 | 2 | 74 | memory, file, COMMON | 95% | yes |
| 00A652B6 | 12.3 | 5 | 2 | 65 | file, COMMON | 74% | yes |
| 00A63FEF | 10.6 | 7 | - | 97 | process, synchronization, window, COMMON | 84% | yes |
| 00A651E5 | 10.6 | 5 | 2 | 74 | memory, COMMON | 100% | - |
| 00A61FE1 | 8.8 | 3 | 2 | 23 | registry, COMMON | 100% | - |
| (address not recovered) | | | | | | 94% | - |
Function 00A64C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A6487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A6658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A6621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A666AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A65C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A61F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A66CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A63210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A62CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A634F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A644B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A62773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A62267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A63100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A617EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A62AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A643D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A6681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A63A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A636EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A66495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A628E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A647E0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A64169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A619E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A63680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A66517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
| C-Code - Quality: 77% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A665E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00A669B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Callgraph
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747comprocessCOMMON
Control-flow Graph
| C-Code - Quality: 77% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
Control-flow Graph
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
Control-flow Graph
| C-Code - Quality: 63% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02F48146 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Control-flow Graph
| C-Code - Quality: 25% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02F47E05 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED164 Relevance: .1, Instructions: 77COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED668 Relevance: .1, Instructions: 75COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED15F Relevance: .1, Instructions: 58COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED663 Relevance: .1, Instructions: 56COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED005 Relevance: .0, Instructions: 45COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02EED01D Relevance: .0, Instructions: 45COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02F47A23 Relevance: .1, Instructions: 61COMMON
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
| C-Code - Quality: 90% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C73D Relevance: 7.6, APIs: 5, Instructions: 64COMMON
| C-Code - Quality: 77% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
| C-Code - Quality: 65% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 86% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
| C-Code - Quality: 97% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BAAA Relevance: 6.1, APIs: 4, Instructions: 137COMMON
| C-Code - Quality: 91% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |